[9] RFR: 8168882: keytool doesn't print certificate info if disabled algorithm was used for signing a jar
Sean Mullan
sean.mullan at oracle.com
Thu Nov 3 14:00:36 UTC 2016
You should only unset the jdk.jar.disabledAlgorithms property if a
jarfile has been specified.
Also, you are printing the warning message for all usages of the
-printcert option, -ssl, etc, which is not correct.
But I don't really think the warning message is necessary. The docs for
the -printcert option are pretty clear that it simply extracts the
certificate and prints it. If we are going to put a warning in for
signed JARs, then arguably we should put in a more general, simple
warning in for all usages of this option to say that the certificate,
etc is not verified, ex:
"WARNING: The -printcert option does not verify the certificate."
But again, I don't think this is strictly necessary.
Thanks,
Sean
On 11/2/16 10:40 PM, Wang Weijun wrote:
> Everything is fine now.
>
> Thanks
> Max
>
> On 11/3/2016 9:38 AM, Artem Smotrakov wrote:
>> My bad, I missed that.
>>
>> http://cr.openjdk.java.net/~asmotrak/8168882/webrev.02/
>>
>> Artem
>>
>>
>> On 11/02/2016 06:30 PM, Wang Weijun wrote:
>>>> On 11/01/2016 11:59 PM, Wang Weijun wrote:
>>>>> >> Main.java:
>>>>> >>
>>>>> >> The warning (and the subsequent empty line) should be printed
>>>>> into System.err.
>>> This one?
>>>
>>
More information about the security-dev
mailing list